bff1decdb760ded7e612076bc02b1a20491d6b251009aa3747d5b15849111c47

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 06:35

Target

bff1decdb760ded7e612076bc02b1a20491d6b251009aa3747d5b15849111c47.dll
Size

2.4MB
MD5

d42ef07e61fc2d32aa50200810d3af6a
SHA1

e331165c9e0cbd6bd3389011097506e874efcceb
SHA256

bff1decdb760ded7e612076bc02b1a20491d6b251009aa3747d5b15849111c47
SHA512

1f9f6ab3a4bac98f3fc1b04af1ae42c12473478a14df12628faf0aaa392745989438904960fe9d56d812e34717a1bb8fb09765d2e8e4efa6af1c0fef0bdf1b27
SSDEEP

49152:DABz3IbY9AUxG1MJ+s8KuqGaX0ToIBAUZLYt:sBzyY9AXJBAUZLy

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2216	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2216	rundll32.exe
2216	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2216	1736	rundll32.exe	28
PID 1736 wrote to memory of 2216	1736	rundll32.exe	28
PID 1736 wrote to memory of 2216	1736	rundll32.exe	28
PID 1736 wrote to memory of 2216	1736	rundll32.exe	28
PID 1736 wrote to memory of 2216	1736	rundll32.exe	28
PID 1736 wrote to memory of 2216	1736	rundll32.exe	28
PID 1736 wrote to memory of 2216	1736	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bff1decdb760ded7e612076bc02b1a20491d6b251009aa3747d5b15849111c47.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bff1decdb760ded7e612076bc02b1a20491d6b251009aa3747d5b15849111c47.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2216